linux-system-roles / firewall

Configure firewalld and system-config-firewall
https://linux-system-roles.github.io/firewall/
GNU General Public License v2.0

detailed fact gathering is not working #100

Closed lessfoobar closed 2 years ago

lessfoobar commented 2 years ago

What happened:

TASK [linux-system-roles.firewall : Configure firewall] ****
failed: [192.168.88.100] (item={'detailed': True}) => {"ansible_loop_var": "item", "changed": false, "item": {"detailed": true}, "msg": "One of service, port, source_port, forward_port, masquerade, rich_rule, source, interface, icmp_block, icmp_block_inversion, target, zone or set_default_zone needs to be set"}

What you expected to happen: To get a detailed view of my firewall facts

How to reproduce it (as minimally and precisely as possible):

- name: Test tangd_custom_port
  hosts: 192.168.88.100
  vars:
    firewall:
      detailed: true
  tasks:
    - name: get firewall info
      import_role:
        name: linux-system-roles.firewall

Anything else we need to know?:

Environment:

lessfoobar commented 2 years ago

@richm I'm trying to build the test for the nbde_server and the firewall fact gathering is not working. Could you have a look?

richm commented 2 years ago

> @richm I'm trying to build the test for the nbde_server and the firewall fact gathering is not working. Could you have a look?

Looks like the controller node is fedora-35 - what is the managed node (the 192.168.88.100 machine) - is it also fedora-35? Looks like you are using the fedora-35 rpm package linux-system-roles version.

richm commented 2 years ago

@lessfoobar I see - you are using version 1.20.2 but the firewall facts feature wasn't added until 1.21 - https://src.fedoraproject.org/rpms/linux-system-roles/c/22738ef99be4e393e8e783f1f642080240eb12ea?branch=rawhide

1.21 is currently in Testing - https://bodhi.fedoraproject.org/updates/FEDORA-2022-6bac5823de - if you like, try it out and give it some positive karma and it may be released to Stable sooner.

In the meantime, you could install the collection from Galaxy https://galaxy.ansible.com/fedora/linux_system_roles (version 1.26.1 - I know it's confusing that the versions aren't in sync . . .)

lessfoobar commented 2 years ago

The problem is when I try to use the ansible-galaxy fedora.linux-system-roles collections, every time I put them in a playbook it is searching for the role path not the collection path and the new roles are in ~/.ansible/collections/ansible_collections/fedora/linux_system_roles/. Maybe I need to put some symlinks to ~/.ansible/roles/

richm commented 2 years ago

> The problem is when I try to use the ansible-galaxy fedora.linux-system-roles collections, every time I put them in a playbook it is searching for the role path not the collection path and the new roles are in ~/.ansible/collections/ansible_collections/fedora/linux_system_roles/. Maybe I need to put some symlinks to ~/.ansible/roles/

I'm not sure what you mean. Can you give me an example - playbook, cli, output?

lessfoobar commented 2 years ago

When you install the linux-system-roles package, the roles are installed in /usr/share/linux-system-roles and shortcuts to each role are created in /usr/share/ansible/roles. In a playbook, when you refer to the role as, for example, firewall:

the role-path is searched. The default paths in ansible.cfg are:

./roles
~/.ansible/roles
/etc/ansible/roles
/usr/share/ansible/roles

However, when you download the fedora.linux-system-roles from ansible-galaxy they are saved in:

/usr/share/ansible/collections
./collections/ansible_collections/fedora/linux_system_roles/
~/.ansible/collections/ansible_collections/fedora/linux_system_roles/

Those are collection paths and no shortcuts to the roles paths are being created. Thus when you have both the package and the collections, the package always takes precedence over the latest collections, because it is in the right path.

richm commented 2 years ago

> When you install the linux-system-roles package, the roles are installed in /usr/share/linux-system-roles and shortcuts to each role are created in /usr/share/ansible/roles. In a playbook, when you refer to the role as, for example, firewall:
>
> * linux-system-roles.firewall
>
> the role-path is searched. The default paths in ansible.cfg are:
>
> ./roles
> ~/.ansible/roles
> /etc/ansible/roles
> /usr/share/ansible/roles
>
> However, when you download the fedora.linux-system-roles from ansible-galaxy they are saved in:

Why download the fedora.linux_system_roles collection from galaxy if you already have the Fedora linux-system-roles RPM package installed? The RPM package includes both the roles in legacy role format installed in /usr/share/ansible/roles AND the fedora.linux_system_roles collection installed in /usr/share/ansible/collections.

> /usr/share/ansible/collections
> ./collections/ansible_collections/fedora/linux_system_roles/
> ~/.ansible/collections/ansible_collections/fedora/linux_system_roles/
>
> Those are collection paths and no shortcuts to the roles paths are being created. Thus when you have both the package and the collections, the package always takes precedence over the latest collections, because it is in the right path.

lessfoobar commented 2 years ago

The solution was that I was referring to the role as: name: linux_system_role.firewall which is wrong and the correct one should be: name: fedora.linux_system_roles.firewall

richm commented 2 years ago

> The solution was that I was referring to the role as: name: linux-system-role.firewall which is wrong and the correct one should be: name: fedora.linux-system-roles.firewall

you probably mean fedora.linux_system_roles.firewall - a collection name cannot have the - (dash) character, so we normally use the `_` (underscore) in collection names.

lessfoobar commented 2 years ago

yeah typo again, will edit to fix it
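
A check for the situation discussed in this thread, as an added example that is not part of the original issue or the project's own code: it lists every installed copy of the firewall role under the legacy role paths and collection paths quoted above, with the collection version where one can be read. The function name, its arguments and the reliance on `MANIFEST.json` for the version are assumptions of this example; the path lists are taken from the comments above rather than read from ansible.cfg.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): show which copies of the firewall
# role are installed, so it is clear whether a playbook can pick up an
# older packaged role or a newer Galaxy collection.
#
# Usage: list_firewall_role_copies [ROOT] [HOME_DIR] [CWD]
#   ROOT     prefix for system paths (empty for the real filesystem)
#   HOME_DIR home directory to inspect (defaults to $HOME)
#   CWD      playbook directory (defaults to .)
list_firewall_role_copies() {
  local root="${1:-}" home="${2:-$HOME}" cwd="${3:-.}"
  local d coll manifest version

  # Legacy role paths: used when the playbook names the role
  # linux-system-roles.firewall (no collection namespace).
  for d in "$cwd/roles" "$home/.ansible/roles" \
           "$root/etc/ansible/roles" "$root/usr/share/ansible/roles"; do
    if [ -e "$d/linux-system-roles.firewall" ]; then
      echo "legacy-role $d/linux-system-roles.firewall"
    fi
  done

  # Collection paths: used when the playbook names the role
  # fedora.linux_system_roles.firewall.
  for d in "$root/usr/share/ansible/collections" "$cwd/collections" \
           "$home/.ansible/collections"; do
    coll="$d/ansible_collections/fedora/linux_system_roles"
    [ -d "$coll/roles/firewall" ] || continue
    manifest="$coll/MANIFEST.json"
    version=""
    if [ -f "$manifest" ]; then
      # Assumption: the collection version is the first "version" key
      # in MANIFEST.json (under collection_info).
      version=$(sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
                  "$manifest" | head -n 1)
    fi
    echo "collection $coll/roles/firewall version=${version:-unknown}"
  done
  return 0
}

# Run against the real filesystem when executed directly.
list_firewall_role_copies "" "$HOME" "."
```

A `legacy-role` line alongside a `collection` line with a newer version is the mixed install described above; the version printed is the collection's, which the thread notes is not in sync with the RPM package version.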